ScreenShot
| Created | 2024.07.01 09:26 | Machine | s1_win7_x6401 |
| Filename | 1.exe | ||
| Type | PE32+ executable (native) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 16 detected (AIDetectMalware, malicious, high confidence, score, Unsafe, AGEN, Outbreak, Detected, Casdet, PossibleThreat, confidence) | ||
| md5 | 07c1efc472c5c8424d6a4e529abc63c5 | ||
| sha256 | 36ced2ebd0665e53e6bf8cc629fe7567832beadafca5716c9338df231dad688d | ||
| ssdeep | 24576:G9oQP7aHQw68S/nfEgT2BqtiSqQU5xO0u7+WfNhvX7dTYek6H6E+:uoQP7aHQr/M210SnK5NyvX7usaT | ||
| imphash | 404945339b44ee7520ac5937f1ade137 | ||
| impfuzzy | 12:sYTm5XNnDeLbNRRmN3EpRmNBCF+NrG6QNUhNReCNEzNvNUDUNXNDeNjGAEhR:sYSPnGZi5BuqGULQ2ER1UD89mlEH | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
NETIO.SYS
0x140b2b000 WskCaptureProviderNPI
ntoskrnl.exe
0x140b2b010 ZwClose
WDFLDR.SYS
0x140b2b020 WdfVersionBindClass
ntoskrnl.exe
0x140b2b030 ExAllocatePool
0x140b2b038 NtQuerySystemInformation
0x140b2b040 ExFreePoolWithTag
0x140b2b048 IoAllocateMdl
0x140b2b050 MmProbeAndLockPages
0x140b2b058 MmMapLockedPagesSpecifyCache
0x140b2b060 MmUnlockPages
0x140b2b068 IoFreeMdl
0x140b2b070 KeQueryActiveProcessors
0x140b2b078 KeSetSystemAffinityThread
0x140b2b080 KeRevertToUserAffinityThread
0x140b2b088 DbgPrint
HAL.dll
0x140b2b098 KeQueryPerformanceCounter
EAT(Export Address Table) is none
NETIO.SYS
0x140b2b000 WskCaptureProviderNPI
ntoskrnl.exe
0x140b2b010 ZwClose
WDFLDR.SYS
0x140b2b020 WdfVersionBindClass
ntoskrnl.exe
0x140b2b030 ExAllocatePool
0x140b2b038 NtQuerySystemInformation
0x140b2b040 ExFreePoolWithTag
0x140b2b048 IoAllocateMdl
0x140b2b050 MmProbeAndLockPages
0x140b2b058 MmMapLockedPagesSpecifyCache
0x140b2b060 MmUnlockPages
0x140b2b068 IoFreeMdl
0x140b2b070 KeQueryActiveProcessors
0x140b2b078 KeSetSystemAffinityThread
0x140b2b080 KeRevertToUserAffinityThread
0x140b2b088 DbgPrint
HAL.dll
0x140b2b098 KeQueryPerformanceCounter
EAT(Export Address Table) is none